Better layout in Form setup
[fa-stable.git] / includes / session.inc
index bad4ef65aa9bbfe2fa24085e012d37ab3ab1d31e..3f4d7cd4e219138101f1d1ca2f2c64a2563eac4e 100644 (file)
@@ -1,17 +1,24 @@
 <?php
-       /*--------------------------------------------------\
-       |               |               | session.inc       |
-       |---------------------------------------------------|
-    | front_accounting                                                                         |
-    | http://open-accounting.sourceforge.net/                          |
-    | by KylieTech Consulting                           |
-    | http://frontaccounting.com/                              |
-    | by Joe Hunt Consulting         |
-       \--------------------------------------------------*/
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+       Released under the terms of the GNU Affero General Public License,
+       AGPL, as published by the Free Software Foundation, either version 
+       3 of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+***********************************************************************/
        function output_html($text)
        {
-         global $before_box, $Ajax;
+         global $before_box, $Ajax, $messages;
+               // Fatal errors are not send to error_handler, 
+               // so we must check the output
+         if ($text && preg_match('/\bFatal error(<.*?>)?:(.*)/i', $text, $m)) {
+               $Ajax->aCommands = array();  // Don't update page via ajax on errors
+               $text = preg_replace('/\bFatal error(<.*?>)?:(.*)/i','', $text);
+               $messages[] = array(E_ERROR, $m[2], null, null);
+         }
          $Ajax->run();
          return  in_ajax() ? fmt_errors() : ($before_box.fmt_errors().$text);
        }
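Review bot: The new check in `output_html()` fires on any buffered output that contains the words "Fatal error:", not only on PHP's own error line, so ordinary page content carrying that phrase (for instance a stored memo or description echoed into the page) would clear `$Ajax->aCommands` and have the rest of its line cut out and re-shown as an error. Anchoring the pattern to the start of a line, e.g. `'/^(?:<b>)?Fatal error(<.*?>)?:(.*)/im'`, narrows it to the shape PHP emits by default while keeping `$m[2]` as the message group; confirm this against any `error_prepend_string` setting in use. The captured `$m[2]` also carries the script path and line number, and whether `fmt_errors()` HTML-escapes it is not visible in this hunk. The pattern literal appears twice and could be held in one variable so the match and the removal cannot drift apart.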
@@ -90,7 +97,6 @@
                        echo "<center><br><br><br><b>";
                        echo _("The security settings on your account do not permit you to access this function");
                        echo "</b>";
-                       echo "<br><br><a href='javascript:history.go(-1)'>" . _("Back") . "</a>";
                        echo "<br><br><br><br></center>";
                        //echo '<script type="text/javascript">';
                        //echo 'alert("' . _("The security settings on your account do not permit you to access this function") . '");';
                }
        }
 
+       //-----------------------------------------------------------------------------
+       //      Removing magic quotes from nested arrays/variables
+       //
+       function strip_quotes($data)
+       {
+               if(get_magic_quotes_gpc()) {
+                       if(is_array($data)) {
+                               foreach($data as $k => $v) {
+                                       $data[$k] = strip_quotes($data[$k]);
+                               }
+                       } else
+                               return stripslashes($data);
+               }
+               return $data;
+       }
+
+
        //----------------------------------------------------------------------------------------
        if (!isset($_SESSION["wa_current_user"]) ||
                (isset($_SESSION["wa_current_user"]) && !$_SESSION["wa_current_user"]->logged_in()))
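Review bot: `strip_quotes()` calls `get_magic_quotes_gpc()` unconditionally, and that function was deprecated in PHP 7.4 and removed in PHP 8.0, so on a current runtime the call fails as an undefined function. Guarding the test keeps the helper a no-op where magic quotes no longer exist: `if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {`. The header comment could also state that only values are unslashed (array keys are returned as received) and that the result is raw user input that still has to be escaped wherever it is used.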
         if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "")
         {
                include($path_to_root . "/access/login.php");
-               $Ajax->redirect($path_to_root . "/access/login.php");
+                       $Ajax->redirect($path_to_root . "/access/login.php");
             exit;
         }
        }
                $succeed = $_SESSION["wa_current_user"]->login($_POST["company_login_name"],
                        $_POST["user_name_entry_field"],
                        md5($_POST["password"]));
-
+               // select full vs fallback ui mode on login
+               $_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];
                if (!$succeed)
                {
                        // Incorrect password
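Review bot: `$_SESSION["wa_current_user"]->ui_mode = $_POST['ui_mode'];` runs before the `if (!$succeed)` test, so the session object takes an unvalidated request value even when the login fails, and a login form posted without `ui_mode` raises an undefined-index notice. Moving the assignment onto the success path and constraining the value would be safer, for example `$_SESSION["wa_current_user"]->ui_mode = empty($_POST['ui_mode']) ? 0 : 1;` if the field is the two-state full/fallback switch the comment describes (the accepted values are not visible here). The enclosing login block starts and ends outside the hunk. Separately, the unchanged context line passes `md5($_POST["password"])`, an unsalted fast hash, which is worth tracking as a follow-up to this change.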
 
        check_page_security($page_security);
 
-
+// POST vars cleanup needed for direct reuse.
+// We quote all values later with db_escape() before db update.
+       $_POST = strip_quotes($_POST);
 
 ?>
\ No newline at end of file
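Review bot: Once `$_POST = strip_quotes($_POST);` has run, every query built from `$_POST` depends on a `db_escape()` call at the point of use, and nothing in this change shows that call sites which previously relied on magic quotes were audited. Any one of them that interpolates a POST value directly becomes an SQL injection point on servers where magic quotes had been masking it. Only `$_POST` is cleaned, so `$_GET`, `$_COOKIE` and `$_REQUEST` keep their slashes and the request ends up with two quoting conventions. The login call earlier in the file also reads `$_POST` before this cleanup happens. I would make the comment state the contract explicitly: `// After this line $_POST holds raw user input: escape with db_escape() at every SQL use and HTML-encode on output.`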